Table of contents
This document describes how to implement the cookie handling in EPiServer CMS. An EU directive states that site owners are responsible for informing visitors about which cookies are used and what they are used for, but the website visitors must also approve the cookies to be used. For more information about the EU directive, personalization feature and download of statement samples, refer to the article Protecting Your Visitors’ Privacy According to EU Directive on Cookies.
Cookies used in EPiServer CMS
EPiServer CMS uses the following cookies:
|ASP.NET_SessionId||Session cookie sent to the web browser. Used when you open the browser and then go to a website that implements ASP.NET session state. This cookie is deleted when you close your browser.|
|EPi:NumberOfVisits||Used if you are using the Number of Visits personalization criterion. This cookie will not be set if you remove it from all of your visitor groups.|
|.EPiServerLogin, EPiDPCKEY, .ASPXRoles||Only used if you log in to a website. This is not a major problem as long as you clearly state on the login page that cookies will be used if you log in.|
|_utma, _utmb, _utmc, _utmz||Google Analytics cookies that are commonly used on EPiServer websites. These third-party cookies are used to collect information about how visitors use the website.|
Informing visitors about cookies
Note that you as a website owner need a statement that informs and explicitly asks each first-time visitor if a cookie may be placed on their computer, mobile phone or other terminal equipment. It is not acceptable to solely rely on the visitors’ web browser cookie settings.